Here is a smattering of ideas (not originally mine!) on email approaches that avoid spam and offer other advantages.
White list only
I've used this for years now with great success. You only receive email based on a white list. Period.
Sender stores email
All that is ever emailed is a link and the email client/recipient retrieves the email from the sender at the time they read it. There's no (or not necessarily) local storage of messages and sender validation is inherent. Also you have the added benefit of being able to modify (including fully retracting) a message after sending it. Storage is also ultimately efficient, only one copy in the universe. (Of course recipients can save their own copy). Downloading attachments integrates nicely and easily with pretty much no need for a size limitation.
Security is also nearly trivial! To secure the email, make the retrieval channel SSL. You're done.
If you want to limit delivery to authorized individuals, require authentication to retrieve the message. This could be made “invisible” in the background by employing certificates and doing the authentication on the fly.
Fully closed systems
For an organization's internal email (which I propose accounts for a large percentage of work-related messages), use a closed system like a forum/BBS with no connection to the outside world. Messages are stored once, organized into topics, security is inherently (approaching) perfect. Messages can be edited and retracted after sending. There is no spam, at all, ever. This is what LearnLink would be if it was disconnected from the Internet. I've been using a forum in this way for more than a year or two and have found it works extremely well.
I like the idea of a closed system for internal email and a separate email system for external messaging, perhaps Google- or Yahoo-based.
Also note that MySpace is exactly such a system on a vast scale, combining also the above white list idea with their implementation. I've noted that my kids, and their friends and family are using Myspace for communication more than email.